PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server.

A heap buffer overflow flaw was found in the PHP 'xmlrpc' extension. A PHP script which implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the 'apache' user. Note that this flaw does not affect PHP applications using the pure-PHP XML_RPC class provided in /usr/share/pear. (CVE-2007-1864)

A flaw was found in the PHP 'ftp' extension. If a PHP script used this extension to provide access to a private FTP server, and passed untrusted script input directly to any function provided by this extension, a remote attacker would be able to send arbitrary FTP commands to the server. (CVE-2007-2509)
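The following added example (not part of the advisory or of the PHP packages) shows an application-side check for the 'ftp' case above: validate every untrusted value before it reaches an ftp_* function. It assumes the extra commands are introduced by CR/LF bytes in the argument, which the advisory does not state; the helper names ftp_safe_arg and ftp_wire_lines are hypothetical.

```php
<?php
// Added example, not code from the advisory or from PHP itself.
// Assumption: CR/LF in an argument ends the intended FTP command line
// and starts a new one on the control channel.

/**
 * Return $arg unchanged if it is safe to pass to an ftp_* function,
 * otherwise throw. Hypothetical helper name.
 */
function ftp_safe_arg(string $arg, int $maxLen = 255): string
{
    if ($arg === '' || strlen($arg) > $maxLen) {
        throw new InvalidArgumentException('FTP argument empty or too long');
    }
    // Reject every ASCII control byte (0x00-0x1F, 0x7F): covers CR, LF, NUL.
    if (preg_match('/[\x00-\x1F\x7F]/', $arg) === 1) {
        throw new InvalidArgumentException('control character in FTP argument');
    }
    return $arg;
}

/** Count the command lines a server would parse from "VERB arg\r\n". */
function ftp_wire_lines(string $verb, string $arg): int
{
    $lines = preg_split('/\r\n|\r|\n/', rtrim("$verb $arg\r\n", "\r\n"));
    return count($lines);
}

// Constructed sample inputs: one ordinary path, one carrying an extra line.
$samples = ['reports/2007', "reports\r\nNOOP"];
foreach ($samples as $s) {
    $n = ftp_wire_lines('CWD', $s);
    try {
        ftp_safe_arg($s);
        $verdict = 'accepted';
    } catch (InvalidArgumentException $e) {
        $verdict = 'rejected: ' . $e->getMessage();
    }
    printf("%-22s wire lines=%d  %s\n", json_encode($s), $n, $verdict);
}
```

In a real script the check wraps each call, for example ftp_chdir($conn, ftp_safe_arg($dir)); it complements the package update and does not replace it.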

A buffer overflow flaw was found in the PHP 'soap' extension, regarding the handling of an HTTP redirect response when using the SOAP client provided by this extension with an untrusted SOAP server. No mechanism to trigger this flaw remotely is known. (CVE-2007-2510)

Users of PHP should upgrade to these updated packages which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188